Tianwei Zhang

The paper identifies that background 'heartbeat' execution in personal AI agents like Claw can silently pollute the agent's memory with external misinformation, influencing user behavior without the user's knowledge or explicit prompt injection.

The paper introduces AutoEG, a fully automated multi-agent framework that significantly improves the exploitation of known third-party vulnerabilities in black-box web applications by achieving an 82.41% average success rate.

The paper proposes efficient Fuzzy Private Set Intersection (FPSI) protocols for various $L_p$ distance metrics by leveraging symmetric-key operations, achieving linear complexity and significantly outperforming existing state-of-the-art methods.

The paper introduces AudioHijack, a framework that successfully demonstrates context-agnostic and imperceptible auditory prompt injection attacks, showing that commercial Large Audio-Language Models can be hijacked with high success rates.

The paper introduces LeakDojo, a framework that systematically evaluates RAG leakage risks, finding that stronger LLM instruction-following and query generation are major independent contributors to data leakage.

The paper proposes mitigating the progressive degradation of safety in language models caused by many-shot jailbreak attacks by appending a single, fixed safety demonstration at inference time.

The paper introduces TESLA, a novel, contactless electromagnetic (EM) side-channel attack that exploits inherent EM emanations from capacitive touchscreens to extract highly sensitive user data like PIN codes and keystrokes.

The paper introduces BITE, a black-box adversarial framework that exploits stylistic biases in LLM judges by adaptively generating semantically equivalent edits to artificially inflate assigned scores.

MemMorph introduces a novel memory poisoning attack that biases LLM agent tool selection by injecting crafted records into the agent's long-term memory, achieving high success rates even against modern defenses.